While searching and surfing the 'net, I noticed that WebRep gives many more sites the ‘green light’ than other web rating tools (WOT, SiteAdvisor, etc).
Then something truly odd happened. Several sites appearing in SPAMmed mail, and malware sites obtained from Malware Domain List (MDL) such as: http://nuaswyn. cz . cc / out.php?a=QQkEEkcJBQQEBAQG&p=1, are given a ‘green’ light “based on a small number of votes.”
However, if you are looking for Italian Food, and have the temerity to visit the National Chain, The Olive Garden: http://www.olivegarden.com/, Avast! users are greeted with an “orange” warning, “based on a small number of votes.”
This seems to suggest that the WebRep voting is being maliciously manipulated, or that the WebRep reputation ranking algorithm does not do a good job silencing “untrusted” voters (users or voters who vote against the grain and give known good sites bad reputations and known bad sites good reputations), or the reputation ranking algorithm is still in need of significant refinement.
I wanted to bring this to the attention of the Avast! developers, however, as it seems to be increasingly common observation of mine.
Do you see my point, though? If Canadian Viagra in SPAMmed messages has a “good rating” (illegal, in the United States, and usually fake, per many studies on interdicted shipments) and Olive Garden has a worse than neutral rating (for whatever reason, but ‘don’t like olive garden’ doesn’t make sense since Foxnews.com gets a solid green rating), this is a problem!
I see your point, It either seems like it is being maliciously handled or people are rating it upon personal preference
“Some people find olive garden an insult too Italian cuisine?” Point is people are using this too rate the popularity. Went to a restaurant and was greeted and served badly? doesn’t mean there site is infected, make a review if you want to scold them. I wish the webrep was only allowed for users who have also signed for the forums, but visible for all avast users, Signature- 20 posts, weprep repping-200 posts. ha ha
Yes, after all, that is what is asked for as far as user input. People are just doing what is asked.
Not for users to assess such things, imo. And since any input from Avast! into the add-on regarding infection info is still forthcoming, that is not even what is is for.
Part of the problem is when sites that are known to serve up malware, and have no other legitimate purpose, and WebRep signals that “This site has an overall good rating” [based on a small number of votes], a reasonable user will interpret that this site is trustworthy, and it makes it more likely that an unknown program will be run than if WebRep had not been installed. In this scenario, a reasonable user may be worse off than having no web-based reputation protection, which is certainly not the intent. Reviews such as this, from the respected source, PCMAG, also convey this sense of trustworthiness of sites:
Another reasonable interpretation is that WebRep does not signal site trustworthiness, or even the likelihood that illegal content or malware is being served up, but rather whether the community of users, approve, disapprove, like or dislike or have any number of other opinions about the website, the business or community the website represents, local brick and mortar stores of the national chain. If so, the ratings attached to sites are not helpful to Avast! user, as sites receive only one global rating, as an up or down vote. It is particularly confusing, because the attempt to simplify rating interpretation (by giving a single global verdict) is based on none and any criteria, at the same time. In other words, the single global verdict cannot be reliably interpreted by the average user since it is not developed on a standard criterion.
If Avast! is confident that the votes are not being maliciously manipulated, which seems at least plausible, then I like BigBear’s suggestion. The easiest way to bring balanace to the force may be to multiply each user’s vote by that user’s “street 'cred” in the Avast! community (which can be calculated in any number of ways). That way malicious manipulation and abject voting are diluted out…
We can probably agree that the average user is more likely to approve of Olive Garden than a website serving them malware.
(please see the URL I listed as part of the original posting for this thread)
I think that the problem with Web Rep is that it is more popularity-based and positive popularity does NOT equate to a secure website. I think many general population people are prone to rating sites higher than they should be rated using Web Rep, WOT, or Site Adviser, on Social Networks like Facebook, My Space, or Twitter, because the average Joe Blow and Jane Doe, and their children and grandchildren may not be educated enough in web security and proper browsing, or just don’t care about security risks. They would rather social network with their friends than care about the security of a site. For these reasons, I think social network sites get higher ratings than they should.
I think Web of Trust and Site Adviser suffer from a lot of the same issues above. Actually, it has been so long since I used Site Adviser. Does Site Adviser warn about a bad site if you try to go to it, or just give a warning? WOT warns about red sites with a Warning Message by default. I think Web Rep could use a Warning Message by default on all red sites AND if the virus lab determines that a site should be red, FUTURE UPDATES FOR WEB REP WOULD OVERRIDE ALL EXISTING VOTES FOR A MALICIOUS SITE WITH A WARNING MESSAGE. In other words, the virus lab vote for a bad site, over-rides all other votes with a dangerous site message. In fact, WOT can be set to block sites instead of just a warning message by customizing user settings.
I would like to hear or read Vik’s comments about the use of virus lab data for Web Rep with an automatic block (or at the very least a warning for bad sites if the Virus Lab determines it needed.)
Actually, WOT does not rely exclusively on user data for site ratings. They use about 100 reliable business security tools to asses ratings as well:
It seems that Web Rep is on it’s way to great potential. But I think it needs a blocking mechanism for bad sites to be competitive with WOT AND data from the virus lab experts for the most effective security mechanisms. We have to give Web Rep time to develop. WOT and Site Adviser have had several years to develop. Web Rep has had about four months with Avast Version 6. When Web Rep has had its time in the field for two years, than it’s relationship data to Internet Security will be more accurately assessed. Right now, it’s data set compared to Site Adviser and WOT is too small to be reliable.
However, with the above ideas, Web Rep I think will change for the better, maybe a lot faster than expected.
Mind you - WOT does not really block. By the time it displays the STOP page, you could as well have been infected already. There are tools that do effectively block access though (such as the recent BitDefender TrafficLight) thing.
As for the rest of the debate here: again, this is a social rating tool. Relax and vote if dislike the rating.
In my humble opinion, i think WebRep is a waste of AVAST Software resources. Maybe they do get some real benefit from the ratings but for me as an end user, i don’t see anything useful in it. Ratings are often wrong and since it doesn’t really block anything, it does nearly nothing to improve security for those that are less computer literate.
I’d prefer to see a reputation based system for actual files, similar to what Norton does with Insight. Now that would make more sense and everyone would actually benefit from it. We already have a great userbase so this would make end results more accurate and it wouldn’t be just a nice icon in a browser but an actual protection feature.
I think if WebShield/NetShield scanning results for a page is returned to avast, it could be distributed by WebRep.
I mean, an user enters an infected website, this triggers the central WebRep ratings and the site got a red icon for the users.
I think we should have 4 colors: red (infected), yellow (suspicious), green (ok) and gray (not rated yet).
The categorization is a secondary information.
I for one would like to see the ratings (even from users, and definitely when the avast lab’s input finally becomes operative) restricted to just computer-security matters, and sites rated good or bad solely on that basis.
I might take it one step further and consider its use also for parental content control, but even that gets into subjective-opinion areas that I don’t think Webrep was intended for.
If I remember correctly sometime in the future avast! will utilize a “type” of cloud to go along with votes. IOW there will be some use of a cloud or white list. As far as safety and/or security goes if you play with fire don’t come crying to us if you get burned. Also check your “web shield” settings.